Troubleshooting Discover FileSystem Access
search cancel

Troubleshooting Discover FileSystem Access

book

Article ID: 160747

calendar_today

Updated On:

Products

Data Loss Prevention Network Discover

Issue/Introduction

Unable to run Discover Scans. You may see System error 85 or NET HELPMSG 2404 in the FileReader.log.

Environment

15.X, 16.X

Cause

Potential drive access issues. 

Resolution

If you are having issues connecting to a drive that you want to scan, run a test to access the drive in the same manner that Discover does.

To run a test to access the drive:

  1. Make sure that the credentials in Symantec DLP are correct; Mount the file system using these credentials.
  2. Determine if Symantec DLP is using a mount or jcifs:

Go to: ../Protect/config/crawler.properties or /SymantecDLP/Protect/config/crawler.properties
crawler.use.jcifs = true  ( If this is set to true, jcifs are being used. If this is set to false a mount is being used. The default is false.)

Additional resources:

If you go to /Vontu/Protect/bin or  or /SymantecDLP/Protect/bin, there are several files of interest:

  • nfs.bat - contains the command used to connect when using mount 
  • nfsu.bat - contains the command used to disconnect when using mount
  • smb.bat - contains the command used to connect when using jcifs
  • smbu.bat - contains the command used to disconnect when using jcifs

The following commands are used by Discover to connect. Try to use them to make sure you can connect properly.

Example:

For smb

The file smb.bat contains:

  • net use %1 %2 %4 /user:%3 /persistent:no
  • %1 = drive
  • %2 = path
  • %3 = username 
  • %4 = password

Example:

Net use m: \\<network_share>\C$ protectdemo /user:protectdemo /persistent:no.

Using this example, if you cannot connect, you have permissions issues. Make sure that everything matches what you entered in the UI.

For smbu

The file smbu.bat contains:

  • net use %1 /delete /yes

an example would be:
net use m:
\\<network_share>\C$ /delete /yes

Make sure that you unmount the drive after testing.

NOTICE:  When accessing administrative share such as C$ or D$, the account needed to be part of the Administrators group for that target system.

Using NFS:

These require the SFU3.5 from http://www.microsoft.com/downloads/details.aspx?familyid=896C9688-601B-44F1-81A4-02878FF11778&displaylang=en

The file nfs.bat contains:

  • mount -u:%3 -p:%4 %2 %1
  • %1 = drive
  • %2 = path
  • %3 = username
  • %4 = password

An example would be:
Mount –u:protect –p:protect
\\<network_share>\C$ m:

This will mount the m drive to be
\\<network_share>\C$ using the username and password of protect.

Note: If you leave the –p off, it will prompt for the password. Then the password will not be visible.

Make sure that you unmount the drive after testing.

For nfsu
The file nfsu.bat contains:

  • net use %1 /delete /yes

If you cannot connect with these, you have permissions issues. Make sure that everything matches what you entered in the UI.

If these commands work and you still get "System error 85" or "NET HELPMSG 2404." in the FileReader.log, restart the Vontu services on the Monitor and try the scan again.